September 1, 2008
The Cost of Democracy
It’s heating up in US politics with the Democratic National Convention come and gone and the Republican National Convention kicking off today. Who will it be? Obama? McCain? Barr? Nader?
While Americans are making up their mind in what is set to be the most important US election in years, the last thing they need is a phisher or hacker trying to influence or misinform voters. But it happens.
In the past, minority voters were targeted by letter – a case in point being the 14,000 Latinos who received letters telling them that it was illegal for immigrants to vote in 2006. But direct mail, telephone calls and leafleting has now given way to an electronic wave of political misdirection.
(Link)
Lillie Coney, of the Electronic Privacy Information Center, explained:
“We're seeing all sorts of ways in which these people can put out the message to first-time voters and those who are unsure of their voting rights. They are replacing the tactics we saw in previous election cycles."
The motivation of these saboteurs is more than mischievous. It’s a deliberate attempt to influence election results in their party’s favour. There are several reasons why those wishing to subvert the process are moving online.
Firstly, there is a lower probability of being caught and anti-spam laws, for some reason, exclude political messages - as do “no call” lists. Voice-over IP (VOIP) is a popular tool too as the area lacks regulation and the calls are harder to trace.
Coney adds:
"By early November, we're expecting spam emails to be sent giving the wrong location for a polling station, or, incorrect details about who has the right to vote. There's even a Web site that's offering to register voters for $9.95. Of course, it doesn't cost anything to vote.”
I’m sorry, but if you pay to exercise your democratic right, well, democracy might not really be safe in your hands after all.
The Cost of Curiosity
Gary McKinnon, the British hacker who fumbled around on US military computers, has lost an appeal against his extradition to the United States. McKinnon faces up to 80 years in jail after he logged in to the computers and downloaded stuff he really shouldn’t have. (Link)
He was caught in 2002 while trying to download a picture of what he thought was of a UFO. He had become so obsessed with his belief that the US government was using alien technology to create weapons and energy sources that he quit his job as a computer analyst.
Prosecutors allege that there were far more serious ramifications to his actions than his suggested curiosity indicates. They say he caused nearly $1m in damage and took 300 computers offline. And it doesn’t sound like they are going to accept a cheque.
McKinnon has lodged a final appeal with the British Home Secretary Jacqui Smith against his extradition but, with the British eager to butter up the US administration at every turn, this seems deemed to failure.
The US military are concerned about what McKinnon might have seen but he maintains that he found nothing damaging. Rumours that he located 538 Democratic votes from the 2000 Presidential Election have proven unfounded.
E-Commerce under threat
A report from the Center for American Progress (CAP) think tank has revealed that the powerbrokers in IT circles are not doing enough to protect people from the Internet fraud.
They set the landscape by referencing the Cyber Security Industry Alliance’s 2006 survey which revealed that half of Internet users avoid making online purchases because they are afraid personal financial information will be stolen, barely a third believe online banking is as secure as banking in person and a whopping 95% view identity theft as a serious problem. (Link)
Bloggernews.net have analysed the work by CAP and report their conclusion that Internet crime requires almost no expense to execute, carries potentially high financial rewards, and involves relatively little risk of being caught and punished. Some phishing groups call pull in $250,000 a month and operate for a very small outlay from anywhere in the world.
The report balances this against the cost of Internet crime, estimated at $7.1bn in 2007 in the United States. Worldwide losses are projected to be about $100bn.
The article also talks about DIY phishing kits (which we’ve talked about before), the difficulty in prosecuting and the apathy of Internet corporates such as ISPs and auction sites whom it terms as “Internet crime enablers”.
The most probing part of the article asks:
“…if you were to take a look at all them (Internet crime enablers), they have one thing in common: which is maintaining an environment conducive to making money easily. The question is how long will it take for the financial and social costs of Internet fraud and abuse to inspire a more responsible and practical approach to the problem.”
Browsing in private for, uh, security reasons
Working in IT I have been asked on numerous occasions how one might clear an Internet browser history, turn off “auto complete” and other tell-tale signs that embarrassing websites have been visited such as bebo.com or BobGoldthwait.com.
But those days might be over as the latest version of Internet Explorer (IE8 beta 2) now includes a tool called “InPrivate Browsing” which allows users to browse with cookies, browsing and search history all turned off. (Link)
So if you’re at your father’s computer and you want to check shots of Britney’s reported tan lines incognito, then this is the tool for you.
It all looks good, right? Well, kind of.
Security experts have discovered that retrieving information about browsing history is a piece of cake.
Christian Prickaerts (really) from Fox IT said:
"The privacy option in this beta is mainly cosmetic. For a forensic investigator, retrieving the browsing history should be regarded as peanuts. The remaining records in the history file still enable me to deduce which websites have been visited.”
Microsoft have rolled their eyes, done that tut-tut noise and shaken their head, revealing in an email response that the feature is not designed to protect a user’s privacy from experts, merely from people using the same computer.
Just hope they are not security experts I guess.
|
